-# Rails.application.config.action_dispatch.default_headers = {
-# "X-Frame-Options" => "SAMEORIGIN",
-# "X-XSS-Protection" => "0",
-# "X-Content-Type-Options" => "nosniff",
-# "X-Permitted-Cross-Domain-Policies" => "none",
-# "Referrer-Policy" => "strict-origin-when-cross-origin"
-# }
+Rails.application.config.action_dispatch.default_headers = {
+ "X-Frame-Options" => "SAMEORIGIN",
+ "X-XSS-Protection" => "0",
+ "X-Content-Type-Options" => "nosniff",
+ "X-Permitted-Cross-Domain-Policies" => "none",
+ "Referrer-Policy" => "strict-origin-when-cross-origin"
+}